Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Script Error.....


  • This topic is locked This topic is locked
12 replies to this topic

#1 Guest_trey48fan_*

Guest_trey48fan_*

  • Guests
  • OFFLINE
  •  

Posted 07 July 2006 - 04:15 PM

Hello all, I am experiencing the annoying IE script error that others have posted about. I have gone through all the scans and preparations outlined in your Hijackthis preparation post and am now posting my logfile.

I receive the following error message continuously, every couple of minutes on my computer. I am running IE version 6 and WinXP-SP2 on my computer here at work. I have disabled the script error notification and Disabled Script Debugging (IE and other). I would really appreciate any help you can provide me to get this adware p/s off my machine. Each time I restart, and often several times without a restart my Norton tells me that it has detected a threat (the adware p/s) says to scan, says it has been resolved but then inevitably returns again. Thanks in advance....

BTW, following is the error message.

An Error Has Occured in the Script on This Page

Line: 11
Character: 1
Error: Object Expected
Code: 0
URL: file://C:\documents and settings\kerry\local settings\temp\NDrXXX.tmp.html

The NDr numbers change each time...

Following is my Hijackthis log.

Logfile of HijackThis v1.99.1
Scan saved at 3:59:13 PM, on 7/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS1\system32\LEXBCES.EXE
C:\WINDOWS1\system32\spoolsv.exe
C:\WINDOWS1\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS1\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS1\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS1\ASEMBL~1\TSKMGR~1.EXE
C:\WINDOWS1\system32\ntvdm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILE...LtoTr82NhFWsPg=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [QBCD Autorun] D:\autorun.exe restart TIMER_SEQUENCE first
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [URLLSTCK.exe] "C:\Program Files\Norton Internet Security\UrlLstCk.exe"
O4 - HKLM\..\RunServices: [awhost32] C:\Program Files\Symantec\pcAnywhere\\Awhost32.exe /A
O4 - HKCU\..\Run: [Aida] "C:\PROGRA~1\COMMON~1\ECURIT~1\taskmgr.exe" -vt mtx
O4 - HKCU\..\Run: [Nugaltbu] C:\WINDOWS1\ASEMBL~1\TSKMGR~1.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk142YYUS
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: SEAGULL J Walk Java Client 3_1C1 - http://12.14.82.69/jwalk/jwalk_ie.cab
O16 - DPF: SEAGULL J Walk Java Client 4_0C10 - http://12.14.82.69/jwalk/jwalk_ie.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://eztracks.aavalue.com/ezt/toolbar/eztdl.cab
O16 - DPF: {5B8DED15-6FC1-4044-A923-F8CE2EAB40B7} (SpecoRemote Control) - http://192.168.1.105:9101/SpecoRemote.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iWonPMSetup_12_1,0,2,5.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B06ECF02-E502-4737-BA32-91CA0CECFBD1} (MultiDownload Control) - http://www.samsungasc.com/include/cab/MultiDownload.cab
O20 - AppInit_DLLs: wuauboot.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS1\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - Unknown owner - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" /service (file missing)

BC AdBot (Login to Remove)

 


#2 Guest_trey48fan_*

Guest_trey48fan_*

  • Guests
  • OFFLINE
  •  

Posted 08 July 2006 - 10:47 AM

Anyone out there to help with this? Thanks

#3 Guest_trey48fan_*

Guest_trey48fan_*

  • Guests
  • OFFLINE
  •  

Posted 14 July 2006 - 04:31 PM

I posted my HJT log on 7/7 and have not had any replies. Please help. 47 views and no replies on the following thread. Thanks in advance....

http://www.bleepingcomputer.com/forums/t/57948/script-error/

New HJT log....

Logfile of HijackThis v1.99.1
Scan saved at 5:24:53 PM, on 7/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS1\system32\LEXBCES.EXE
C:\WINDOWS1\system32\spoolsv.exe
C:\WINDOWS1\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS1\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS1\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS1\ASEMBL~1\TSKMGR~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS1\system32\ntvdm.exe
C:\WINDOWS1\system32\ntvdm.exe
C:\Program Files\Netscape\Netscape Browser\flash-ns.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILE...LtoTr82NhFWsPg=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [QBCD Autorun] D:\autorun.exe restart TIMER_SEQUENCE first
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [URLLSTCK.exe] "C:\Program Files\Norton Internet Security\UrlLstCk.exe"
O4 - HKLM\..\RunServices: [awhost32] C:\Program Files\Symantec\pcAnywhere\\Awhost32.exe /A
O4 - HKCU\..\Run: [Aida] "C:\PROGRA~1\COMMON~1\ECURIT~1\taskmgr.exe" -vt mtx
O4 - HKCU\..\Run: [Nugaltbu] C:\WINDOWS1\ASEMBL~1\TSKMGR~1.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk142YYUS
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: SEAGULL J Walk Java Client 3_1C1 - http://12.14.82.69/jwalk/jwalk_ie.cab
O16 - DPF: SEAGULL J Walk Java Client 4_0C10 - http://12.14.82.69/jwalk/jwalk_ie.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://eztracks.aavalue.com/ezt/toolbar/eztdl.cab
O16 - DPF: {5B8DED15-6FC1-4044-A923-F8CE2EAB40B7} (SpecoRemote Control) - http://192.168.1.105:9101/SpecoRemote.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iWonPMSetup_12_1,0,2,5.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B06ECF02-E502-4737-BA32-91CA0CECFBD1} (MultiDownload Control) - http://www.samsungasc.com/include/cab/MultiDownload.cab
O20 - AppInit_DLLs: wuauboot.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS1\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - Unknown owner - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" /service (file missing)

Edited by trey48fan, 14 July 2006 - 05:27 PM.


#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 15 July 2006 - 12:50 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:
I apologize for the delay getting to your log, the helpers here are very busy.


Please download Ewido Anti-spyware and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning proccess:
  • Lauch ewido-anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close ewido and reboot your system back into Normal Mode and post the results of the ewido scan report along with a new hijackthis log.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 Guest_trey48fan_*

Guest_trey48fan_*

  • Guests
  • OFFLINE
  •  

Posted 24 July 2006 - 04:50 PM

Thanks for answering Buckeye Sam. Sorry I'm slow, been out of town.

Follwing are my Ewido scan and new HJT log..... Ewido is first...

ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:34:07 PM 7/24/2006

+ Scan result:



C:\Program Files\EMsearchassistant\EMInstaller.exe/em2.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\Easy Messenger\CID.exe/ClientAX.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\Easy Messenger\em2.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2CA9825-4925-41E4-829B-5AC118DD73CE}\RP509\A0194766.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\EasyMessengerAX.dll/CID.exe/ClientAX.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\EasyMessengerAX.dll/em2.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2CA9825-4925-41E4-829B-5AC118DD73CE}\RP509\A0194769.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2CA9825-4925-41E4-829B-5AC118DD73CE}\RP509\A0194772.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2CA9825-4925-41E4-829B-5AC118DD73CE}\RP509\A0194773.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2CA9825-4925-41E4-829B-5AC118DD73CE}\RP509\A0194774.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2CA9825-4925-41E4-829B-5AC118DD73CE}\RP509\A0194775.srg -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2CA9825-4925-41E4-829B-5AC118DD73CE}\RP509\A0194780.vxd/C:/Program Files/NaviSearch/bin/nls.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2CA9825-4925-41E4-829B-5AC118DD73CE}\RP509\A0194780.vxd/C:/WINDOWS/system32/nvms.dll -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2CA9825-4925-41E4-829B-5AC118DD73CE}\RP509\A0194781.vxd/C:/WINDOWS/system32/exdl.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2CA9825-4925-41E4-829B-5AC118DD73CE}\RP509\A0194781.vxd/C:/WINDOWS/system32/exul.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2CA9825-4925-41E4-829B-5AC118DD73CE}\RP509\A0194781.vxd/C:/WINDOWS/system32/javexulm.vxd -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2CA9825-4925-41E4-829B-5AC118DD73CE}\RP509\A0194781.vxd/C:/WINDOWS/system32/mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2CA9825-4925-41E4-829B-5AC118DD73CE}\RP509\A0194730.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Local Settings\Temp\temp.frA530\bin\Starware.dll -> Adware.Comet : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Local Settings\Temp\temp.frA530\bin\dlls\jokester.dll -> Adware.Comet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2CA9825-4925-41E4-829B-5AC118DD73CE}\RP449\A0176231.dll -> Adware.Comet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2CA9825-4925-41E4-829B-5AC118DD73CE}\RP449\A0176232.dll -> Adware.Comet : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\akcore.dll -> Adware.Coreak : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\docore.dll -> Adware.Couponage : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\dosync.dll -> Adware.Couponage : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2CA9825-4925-41E4-829B-5AC118DD73CE}\RP509\A0194778.exe -> Adware.EZula : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2CA9825-4925-41E4-829B-5AC118DD73CE}\RP509\A0194758.dll -> Adware.HotSearchBar : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\Cache\trgen-fran-default.exe -> Adware.HotSearchBar : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\Cache\trgen_fran-162813.exe -> Adware.HotSearchBar : Cleaned with backup (quarantined).
C:\WINDOWS\isrvs\isearch.xpi/chrome/isearch.jar/content/isearch/isearch.js -> Adware.ISearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2CA9825-4925-41E4-829B-5AC118DD73CE}\RP509\A0194733.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\isrvs\ffisearch.exe -> Adware.MDH : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2CA9825-4925-41E4-829B-5AC118DD73CE}\RP509\A0194767.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS1\aѕsembly\tаskmgr.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS1\system32\wuauboot.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
[192] C:\WINDOWS1\system32\wuauboot.dll -> Adware.PurityScan : Error during cleaning.
[240] C:\WINDOWS1\system32\wuauboot.dll -> Adware.PurityScan : Error during cleaning.
[252] C:\WINDOWS1\system32\wuauboot.dll -> Adware.PurityScan : Error during cleaning.
[404] C:\WINDOWS1\system32\wuauboot.dll -> Adware.PurityScan : Error during cleaning.
[476] C:\WINDOWS1\system32\wuauboot.dll -> Adware.PurityScan : Error during cleaning.
[536] C:\WINDOWS1\system32\wuauboot.dll -> Adware.PurityScan : Error during cleaning.
[672] C:\WINDOWS1\system32\wuauboot.dll -> Adware.PurityScan : Error during cleaning.
C:\WINDOWS\SYSTEM32\70tovmto.ini -> Adware.Sahat : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users.WINDOWS\Application Data\msw\BMan1.exe -> Adware.Searcher : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\aklsp.dll -> Downloader.Agent.br : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\akupd.dll -> Downloader.Agent.br : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\dolsp.dll -> Downloader.Agent.br : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\akrules.dll -> Downloader.Agent.bt : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\QDow_AS2.dll -> Downloader.QDown.u : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2CA9825-4925-41E4-829B-5AC118DD73CE}\RP509\A0194742.EXE -> Dropper.Small.qn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2CA9825-4925-41E4-829B-5AC118DD73CE}\RP509\A0194731.dll -> Hijacker.Delf.r : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\kerry\Application Data\Mozilla\Firefox\Profiles\6vqij5yd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\kerry\Application Data\Mozilla\Firefox\Profiles\6vqij5yd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.12:C:\Documents and Settings\kerry\Application Data\Mozilla\Firefox\Profiles\6vqij5yd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.29:C:\Documents and Settings\kerry\Application Data\Netscape\NSB\Profiles\ioap6his.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.30:C:\Documents and Settings\kerry\Application Data\Netscape\NSB\Profiles\ioap6his.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.31:C:\Documents and Settings\kerry\Application Data\Netscape\NSB\Profiles\ioap6his.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.6:C:\Documents and Settings\kerry\Application Data\Mozilla\Firefox\Profiles\6vqij5yd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.7:C:\Documents and Settings\kerry\Application Data\Mozilla\Firefox\Profiles\6vqij5yd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.8:C:\Documents and Settings\kerry\Application Data\Mozilla\Firefox\Profiles\6vqij5yd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.9:C:\Documents and Settings\kerry\Application Data\Mozilla\Firefox\Profiles\6vqij5yd.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@buycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@diginet.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@gettyimages.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@harpo.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@maxim.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@metacafe.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@msnportal.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@nbcuniversal.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@stubhub.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Local Settings\Temp\Cookies\kerry@sonycorporate.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@stats.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Local Settings\Temp\Cookies\kerry@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.156:C:\Documents and Settings\kerry\Application Data\Mozilla\Firefox\Profiles\6vqij5yd.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
:mozilla.157:C:\Documents and Settings\kerry\Application Data\Mozilla\Firefox\Profiles\6vqij5yd.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@install.bestoffersnetworks[2].txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@ad1.clickhype[2].txt -> TrackingCookie.Clickhype : Cleaned with backup (quarantined).
:mozilla.33:C:\Documents and Settings\kerry\Application Data\Mozilla\Firefox\Profiles\6vqij5yd.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@com[1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Local Settings\Temp\Cookies\kerry@com[1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@www.directnetadvertising[1].txt -> TrackingCookie.Directnetadvertising : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup (quarantined).
:mozilla.39:C:\Documents and Settings\kerry\Application Data\Mozilla\Firefox\Profiles\6vqij5yd.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wfk4kiazelp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wfk4wldpceo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wfk4wmczalq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wfkiunc5ogp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wfkoajcjiaq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wfl4gjdjikp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wfl4kmdpkfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wflickazckp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wfliwjcjobp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wfmyqndzgeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wgk4wkczido.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wgkiupcpcao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wgkould5sco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wgl4wocjahq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6whkyqlazslo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6whliuidzgko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wjk4alajoco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wjk4kmdpeko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wjk4unczggq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wjk4wmajggo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wjkoagczclp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wjkoenazoko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wjkokkdzohp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wjkoogdjmgp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wjkoskc5skp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wjkoskczmho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wjkowgajolq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wjkowkazocq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wjkowndzsgq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wjkyendzcep.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wjkykgd5mbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wjkyqidjgcq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wjl4kldpigp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wjl4opazkco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wjl4qlc5mdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wjl4wmd5gdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wjliajdpkbp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wjlikhcpaap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wjlismcpogp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wjliuoazmkp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wjloogcjkkp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wjlyandpsbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wjlyonc5oco.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wjlysnd5kbq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wjmigidjoco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wjmiqjcjoho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wjmisjazwgp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wjmiwpcpslo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wjmyckdjiap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wjny-1gc5wc.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wjny-1id5ad.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wjny-1pajwh.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wjnyeiajchq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wjnyoiazcep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wjnyoldpmbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@e-2dj6wjnyskczicp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Local Settings\Temp\Cookies\kerry@e-2dj6wjkoglajeap.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Local Settings\Temp\Cookies\kerry@e-2dj6wjny-1sdjgh.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Local Settings\Temp\Cookies\kerry@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\kerry\Application Data\Netscape\NSB\Profiles\ioap6his.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\kerry\Application Data\Netscape\NSB\Profiles\ioap6his.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\kerry\Application Data\Netscape\NSB\Profiles\ioap6his.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\kerry\Application Data\Netscape\NSB\Profiles\ioap6his.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.21:C:\Documents and Settings\kerry\Application Data\Netscape\NSB\Profiles\ioap6his.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.22:C:\Documents and Settings\kerry\Application Data\Netscape\NSB\Profiles\ioap6his.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@ehg-attworldnet.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@ehg-bskyb.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@ehg-oreilly.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@ehg-tigerdirect2.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@ehg-ubid.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Local Settings\Temp\Cookies\kerry@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@counter.hitslink[1].txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@counter2.hitslink[1].txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@linksynergy[2].txt -> TrackingCookie.Linksynergy : Cleaned with backup (quarantined).
:mozilla.163:C:\Documents and Settings\kerry\Application Data\Mozilla\Firefox\Profiles\6vqij5yd.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.164:C:\Documents and Settings\kerry\Application Data\Mozilla\Firefox\Profiles\6vqij5yd.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.165:C:\Documents and Settings\kerry\Application Data\Mozilla\Firefox\Profiles\6vqij5yd.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@server.lon.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@data2.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@data3.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@data4.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Local Settings\Temp\Cookies\kerry@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\kerry\Application Data\Mozilla\Firefox\Profiles\6vqij5yd.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\kerry\Application Data\Mozilla\Firefox\Profiles\6vqij5yd.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\kerry\Application Data\Mozilla\Firefox\Profiles\6vqij5yd.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\kerry\Application Data\Mozilla\Firefox\Profiles\6vqij5yd.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.103:C:\Documents and Settings\kerry\Application Data\Mozilla\Firefox\Profiles\6vqij5yd.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.104:C:\Documents and Settings\kerry\Application Data\Mozilla\Firefox\Profiles\6vqij5yd.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.23:C:\Documents and Settings\kerry\Application Data\Netscape\NSB\Profiles\ioap6his.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.24:C:\Documents and Settings\kerry\Application Data\Netscape\NSB\Profiles\ioap6his.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.25:C:\Documents and Settings\kerry\Application Data\Netscape\NSB\Profiles\ioap6his.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.46:C:\Documents and Settings\kerry\Application Data\Mozilla\Firefox\Profiles\6vqij5yd.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Local Settings\Temp\Cookies\kerry@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@h.starware[2].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@try.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
:mozilla.118:C:\Documents and Settings\kerry\Application Data\Mozilla\Firefox\Profiles\6vqij5yd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.119:C:\Documents and Settings\kerry\Application Data\Mozilla\Firefox\Profiles\6vqij5yd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.129:C:\Documents and Settings\kerry\Application Data\Mozilla\Firefox\Profiles\6vqij5yd.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.130:C:\Documents and Settings\kerry\Application Data\Mozilla\Firefox\Profiles\6vqij5yd.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
:mozilla.131:C:\Documents and Settings\kerry\Application Data\Mozilla\Firefox\Profiles\6vqij5yd.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@webstat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
:mozilla.159:C:\Documents and Settings\kerry\Application Data\Mozilla\Firefox\Profiles\6vqij5yd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\kerry\Cookies\kerry@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.158:C:\Documents and Settings\kerry\Application Data\Mozilla\Firefox\Profiles\6vqij5yd.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\Cache\setup.exe -> Trojan.VB.tq : Cleaned with backup (quarantined).


::Report end

Next is the new HJT....

Logfile of HijackThis v1.99.1
Scan saved at 4:43:36 PM, on 7/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS1\system32\LEXBCES.EXE
C:\WINDOWS1\system32\spoolsv.exe
C:\WINDOWS1\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS1\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS1\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILE...LtoTr82NhFWsPg=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [QBCD Autorun] D:\autorun.exe restart TIMER_SEQUENCE first
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [URLLSTCK.exe] "C:\Program Files\Norton Internet Security\UrlLstCk.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\RunServices: [awhost32] C:\Program Files\Symantec\pcAnywhere\\Awhost32.exe /A
O4 - HKCU\..\Run: [Aida] "C:\PROGRA~1\COMMON~1\ECURIT~1\taskmgr.exe" -vt mtx
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk142YYUS
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: SEAGULL J Walk Java Client 3_1C1 - http://12.14.82.69/jwalk/jwalk_ie.cab
O16 - DPF: SEAGULL J Walk Java Client 4_0C10 - http://12.14.82.69/jwalk/jwalk_ie.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://eztracks.aavalue.com/ezt/toolbar/eztdl.cab
O16 - DPF: {5B8DED15-6FC1-4044-A923-F8CE2EAB40B7} (SpecoRemote Control) - http://192.168.1.105:9101/SpecoRemote.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iWonPMSetup_12_1,0,2,5.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B06ECF02-E502-4737-BA32-91CA0CECFBD1} (MultiDownload Control) - http://www.samsungasc.com/include/cab/MultiDownload.cab
O20 - AppInit_DLLs: wuauboot.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS1\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - Unknown owner - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" /service (file missing)

Thanks again, the adware purity scan is driving me crazy!

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 24 July 2006 - 05:12 PM

Now I need to see a different type of log from Hijackthis
  • Run Hijackthis.
  • Click on "Open the Misc Tools section".
  • Next click on "Open uninstall manager".
  • Press the button 'save list'. It will open a Notepad file.
  • Place the content of that file here in your in your next reply.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 Guest_trey48fan_*

Guest_trey48fan_*

  • Guests
  • OFFLINE
  •  

Posted 24 July 2006 - 05:34 PM

Here it is Sam....


ABBYY FineReader 5.0 Sprint
ACUBE UniSSOTray V1.0
Ad-Aware SE Personal
Adobe Download Manager 2.0 (Remove Only)
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.0
AutoMan System Ver. 5.7 - ESI Client
CC_ccProxyExt
ccCommon
ccPxyCore
Dell AIO Printer A920
Direct Show Ogg Vorbis Filter (remove only)
DivX 4.12 Codec
ewido anti-spyware 4.0
Google Earth
Google Toolbar for Internet Explorer
HijackThis 1.99.1
iKeyWorks 6.12
iWheelWorks V7.40
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 2
Kaspersky Online Scanner
LimeWire 4.9.28
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Macromedia Flash Player 8
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Office XP Professional with FrontPage
MSRedist
NokiaFREE Unlock Codes Calculator
Norton AntiSpam
Norton AntiSpam
Norton AntiVirus 2006
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security 2006 (Symantec Corporation)
Norton Protection Center
Norton WMI Update
Norton WMI Update
PartsFinderII
QuickBooks Pro 99
QuickTime
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
SPBBC
Spy Sweeper
Spybot - Search & Destroy 1.4
TiVo Desktop
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Yahoo! extras
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 25 July 2006 - 07:23 AM

Please download and run this uninstaller:
http://www.outerinfo.com/OiUninstaller.exe


Reboot and post a new hijackthis log.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 Guest_trey48fan_*

Guest_trey48fan_*

  • Guests
  • OFFLINE
  •  

Posted 25 July 2006 - 10:40 AM

New HJT log after uninstaller....


Logfile of HijackThis v1.99.1
Scan saved at 10:36:56 AM, on 7/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS1\system32\LEXBCES.EXE
C:\WINDOWS1\system32\spoolsv.exe
C:\WINDOWS1\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS1\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS1\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\WINDOWS1\system32\wuauclt.exe
C:\WINDOWS1\system32\ntvdm.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILE...LtoTr82NhFWsPg=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [QBCD Autorun] D:\autorun.exe restart TIMER_SEQUENCE first
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [URLLSTCK.exe] "C:\Program Files\Norton Internet Security\UrlLstCk.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\RunServices: [awhost32] C:\Program Files\Symantec\pcAnywhere\\Awhost32.exe /A
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk142YYUS
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: SEAGULL J Walk Java Client 3_1C1 - http://12.14.82.69/jwalk/jwalk_ie.cab
O16 - DPF: SEAGULL J Walk Java Client 4_0C10 - http://12.14.82.69/jwalk/jwalk_ie.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://eztracks.aavalue.com/ezt/toolbar/eztdl.cab
O16 - DPF: {5B8DED15-6FC1-4044-A923-F8CE2EAB40B7} (SpecoRemote Control) - http://192.168.1.105:9101/SpecoRemote.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iWonPMSetup_12_1,0,2,5.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B06ECF02-E502-4737-BA32-91CA0CECFBD1} (MultiDownload Control) - http://www.samsungasc.com/include/cab/MultiDownload.cab
O20 - AppInit_DLLs: wuauboot.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS1\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - Unknown owner - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" /service (file missing)

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:12:19 PM

Posted 25 July 2006 - 05:32 PM

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


===============


Run Hijackthis again, click scan, and Put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILE...LtoTr82NhFWsPg=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [QBCD Autorun] D:\autorun.exe restart TIMER_SEQUENCE first
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk142YYUS
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iWonPMSetup_12_1,0,2,5.exe
O20 - AppInit_DLLs: wuauboot.dll



Reboot and post a new hijackthis log.
Let me know of any problems that you are still having.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#11 Guest_trey48fan_*

Guest_trey48fan_*

  • Guests
  • OFFLINE
  •  

Posted 25 July 2006 - 06:19 PM

Logfile of HijackThis v1.99.1
Scan saved at 6:12:05 PM, on 7/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS1\system32\LEXBCES.EXE
C:\WINDOWS1\system32\spoolsv.exe
C:\WINDOWS1\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS1\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS1\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\WINDOWS1\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Hardware\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Hardware\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [URLLSTCK.exe] "C:\Program Files\Norton Internet Security\UrlLstCk.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\RunServices: [awhost32] C:\Program Files\Symantec\pcAnywhere\\Awhost32.exe /A
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: SEAGULL J Walk Java Client 3_1C1 - http://12.14.82.69/jwalk/jwalk_ie.cab
O16 - DPF: SEAGULL J Walk Java Client 4_0C10 - http://12.14.82.69/jwalk/jwalk_ie.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://eztracks.aavalue.com/ezt/toolbar/eztdl.cab
O16 - DPF: {5B8DED15-6FC1-4044-A923-F8CE2EAB40B7} (SpecoRemote Control) - http://192.168.1.105:9101/SpecoRemote.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B06ECF02-E502-4737-BA32-91CA0CECFBD1} (MultiDownload Control) - http://www.samsungasc.com/include/cab/MultiDownload.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS1\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - Unknown owner - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" /service (file missing)



I'm not sure if it's the same one but the second item on your list of things you asked me to "fix" with the HJT seems to be back on this log as well. The one I'm talking about is the R0 HKLM..........redclientapps.......

Thanks for all your help. Donation to come!

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 25 July 2006 - 06:31 PM

I'm not sure if it's the same one but the second item on your list of things you asked me to "fix" with the HJT seems to be back on this log as well. The one I'm talking about is the R0 HKLM..........redclientapps.......

That's not really anything to be concerned about. I just like to tidy up a log before I'm done with it. :thumbsup:

Your log looks good to me. I don't see anything else to be concerned about and you should be good to go.
Here are some recommendations for you to keep things running smoothly.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Managing Windows Millenium System Restore

    or

    Windows XP System Restore Guide

    Renable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:flowers: :huh:
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#13 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:12:19 PM

Posted 12 August 2006 - 06:24 AM

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users